Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2022:1100-1

Опубликовано: 04 апр. 2022
Источник: suse-cvrf

Описание

Security update for 389-ds

This update for 389-ds fixes the following issues:

  • CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275).
  • CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345).
  • Resolved LDAP-Support not working with DHCP by adding required schema (bsc#1194068)
  • Resolved multiple index migration bug (bsc#1194084)

Список пакетов

openSUSE Leap 15.3
389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1
389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1
389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1
lib389-1.4.4.19~git28.b12c72226-150300.3.12.1
libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1

Ссылки

Описание

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.

Затронутые продукты
openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1
openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1
openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1
openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1
Ссылки

Описание

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

Затронутые продукты
openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1
openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1
openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1
openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1
Ссылки